npm - @jmruthers/pace-core - Versions diffs - 0.6.1 → 0.6.3 - Mend

@jmruthers/pace-core 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (549) hide show

package/CHANGELOG.md +88 -10
package/cursor-rules/00-pace-core-compliance.mdc +46 -87
package/cursor-rules/01-standards-compliance.mdc +16 -47
package/cursor-rules/02-project-structure.mdc +4 -4
package/cursor-rules/03-solid-principles.mdc +45 -164
package/cursor-rules/04-testing-standards.mdc +22 -69
package/cursor-rules/05-bug-reports-and-features.mdc +2 -2
package/cursor-rules/06-code-quality.mdc +42 -125
package/cursor-rules/07-tech-stack-compliance.mdc +33 -128
package/cursor-rules/08-markup-quality.mdc +452 -0
package/cursor-rules/CHANGELOG.md +18 -0
package/cursor-rules/README.md +2 -1
package/dist/{AuthService-DjnJHDtC.d.ts → AuthService-Cb34EQs3.d.ts} +63 -1
package/dist/{DataTable-CH1U5Tpy.d.ts → DataTable-BMRU8a1j.d.ts} +33 -1
package/dist/{DataTable-DQ7RSOHE.js → DataTable-THFPBKTP.js} +12 -10
package/dist/{PublicPageProvider-ce4xlHYA.d.ts → PublicPageProvider-DEMpysFR.d.ts} +394 -171
package/dist/{UnifiedAuthProvider-185Ih4dj.d.ts → UnifiedAuthProvider-CKvHP1MK.d.ts} +30 -8
package/dist/{UnifiedAuthProvider-ATAP5UTR.js → UnifiedAuthProvider-KAGUYQ4J.js} +5 -4
package/dist/{api-N774RPUA.js → api-IAGWF3ZG.js} +10 -10
package/dist/{audit-B5P6FFIR.js → audit-V53FV5AG.js} +2 -2
package/dist/{chunk-JBKQ3SAO.js → chunk-2T2IG7T7.js} +107 -57
package/dist/chunk-2T2IG7T7.js.map +1 -0
package/dist/{chunk-3QRJFVBR.js → chunk-6SOIHG6Z.js} +1 -1
package/dist/chunk-6SOIHG6Z.js.map +1 -0
package/dist/{chunk-3XTALGJF.js → chunk-6Z7LTB3D.js} +69 -240
package/dist/chunk-6Z7LTB3D.js.map +1 -0
package/dist/{chunk-4ZC4GX36.js → chunk-CNCQDFLN.js} +199 -46
package/dist/chunk-CNCQDFLN.js.map +1 -0
package/dist/chunk-DGUM43GV.js +11 -0
package/dist/{chunk-BYFSK72L.js → chunk-DWUBLJJM.js} +361 -187
package/dist/chunk-DWUBLJJM.js.map +1 -0
package/dist/{chunk-LXQLPRQ2.js → chunk-FFQEQTNW.js} +6 -8
package/dist/chunk-FFQEQTNW.js.map +1 -0
package/dist/chunk-FMUCXFII.js +76 -0
package/dist/chunk-FMUCXFII.js.map +1 -0
package/dist/{chunk-4N5C5XZU.js → chunk-HFZBI76P.js} +4 -4
package/dist/chunk-HFZBI76P.js.map +1 -0
package/dist/{chunk-SQGMNID3.js → chunk-L4OXEN46.js} +4 -5
package/dist/chunk-L4OXEN46.js.map +1 -0
package/dist/{chunk-R77UEZ4E.js → chunk-M43Y4SSO.js} +1 -1
package/dist/chunk-M43Y4SSO.js.map +1 -0
package/dist/{chunk-I7PSE6JW.js → chunk-M7MPQISP.js} +3 -76
package/dist/chunk-M7MPQISP.js.map +1 -0
package/dist/chunk-PQBSKX33.js +7793 -0
package/dist/chunk-PQBSKX33.js.map +1 -0
package/dist/chunk-QRPVRXYT.js +226 -0
package/dist/chunk-QRPVRXYT.js.map +1 -0
package/dist/{chunk-KNC55RTG.js → chunk-RWEBCB47.js} +194 -416
package/dist/chunk-RWEBCB47.js.map +1 -0
package/dist/{chunk-XM25TVIE.js → chunk-YDQHOZNA.js} +843 -388
package/dist/chunk-YDQHOZNA.js.map +1 -0
package/dist/{chunk-GLK6VM3F.js → chunk-ZNIWI3UC.js} +739 -737
package/dist/chunk-ZNIWI3UC.js.map +1 -0
package/dist/components.d.ts +5 -5
package/dist/components.js +18 -16
package/dist/components.js.map +1 -1
package/dist/contextValidator-3JNZKUTX.js +9 -0
package/dist/contextValidator-3JNZKUTX.js.map +1 -0
package/dist/eslint-rules/pace-core-compliance.cjs +106 -0
package/dist/{functions-D_kgHktt.d.ts → functions-DHebl8-F.d.ts} +1 -1
package/dist/hooks.d.ts +55 -122
package/dist/hooks.js +10 -13
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +60 -13
package/dist/index.js +30 -25
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +21 -3
package/dist/providers.js +4 -3
package/dist/rbac/index.d.ts +210 -139
package/dist/rbac/index.js +17 -13
package/dist/styles/index.js +1 -1
package/dist/theming/runtime.d.ts +1 -13
package/dist/theming/runtime.js +2 -2
package/dist/{timezone-_pgH8qrY.d.ts → timezone-CHhWg6b4.d.ts} +3 -10
package/dist/{types-UU913iLA.d.ts → types-BeoeWV5I.d.ts} +8 -0
package/dist/{types-CEpcvwwF.d.ts → types-CkbwOr4Y.d.ts} +6 -0
package/dist/types.d.ts +2 -2
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-BJAlWfuJ.d.ts → usePublicRouteParams-i3qtoBgg.d.ts} +38 -17
package/dist/utils.d.ts +4 -5
package/dist/utils.js +17 -19
package/dist/utils.js.map +1 -1
package/docs/api/README.md +21 -17
package/docs/api/modules.md +4191 -2967
package/docs/architecture/database-schema-requirements.md +161 -0
package/docs/components/context-selector.md +126 -0
package/docs/core-concepts/rbac-system.md +3 -3
package/docs/documentation-index.md +2 -4
package/docs/getting-started/cursor-rules.md +2 -1
package/docs/migration/DOCUMENTATION_STRUCTURE.md +441 -0
package/docs/migration/MIGRATION_GUIDE.md +2 -24
package/docs/migration/RBAC_SCOPE_MIGRATION.md +385 -0
package/docs/migration/README.md +52 -6
package/docs/migration/V0.5.190_TO_V0.6.1_MIGRATION.md +1153 -0
package/docs/migration/database-changes-december-2025.md +3 -3
package/docs/pace-mint-fix-auto-selection.md +218 -0
package/docs/pace-mint-rbac-setup.md +391 -0
package/docs/rbac/event-based-apps.md +1 -1
package/docs/rbac/getting-started.md +1 -1
package/docs/rbac/quick-start.md +1 -1
package/docs/rbac/secure-client-protection.md +330 -0
package/docs/standards/README.md +1 -0
package/package.json +4 -3
package/scripts/audit/core/checks/accessibility.cjs +197 -0
package/scripts/audit/core/checks/api-usage.cjs +191 -0
package/scripts/audit/core/checks/bundle.cjs +142 -0
package/scripts/{check-pace-core-compliance.cjs → audit/core/checks/compliance.cjs} +784 -685
package/scripts/audit/core/checks/config.cjs +54 -0
package/scripts/audit/core/checks/coverage.cjs +84 -0
package/scripts/audit/core/checks/dependencies.cjs +985 -0
package/scripts/audit/core/checks/documentation.cjs +268 -0
package/scripts/audit/core/checks/environment.cjs +116 -0
package/scripts/audit/core/checks/error-handling.cjs +340 -0
package/scripts/audit/core/checks/forms.cjs +172 -0
package/scripts/audit/core/checks/heuristics.cjs +68 -0
package/scripts/audit/core/checks/hooks.cjs +334 -0
package/scripts/audit/core/checks/imports.cjs +244 -0
package/scripts/audit/core/checks/performance.cjs +325 -0
package/scripts/audit/core/checks/routes.cjs +117 -0
package/scripts/audit/core/checks/state.cjs +130 -0
package/scripts/audit/core/checks/structure.cjs +65 -0
package/scripts/audit/core/checks/style.cjs +584 -0
package/scripts/audit/core/checks/testing.cjs +122 -0
package/scripts/audit/core/checks/typescript.cjs +61 -0
package/scripts/audit/core/scanner.cjs +199 -0
package/scripts/audit/core/utils.cjs +137 -0
package/scripts/audit/index.cjs +223 -0
package/scripts/audit/reporters/console.cjs +151 -0
package/scripts/audit/reporters/json.cjs +54 -0
package/scripts/audit/reporters/markdown.cjs +124 -0
package/scripts/audit-consuming-app.cjs +61 -936
package/scripts/build-docs/build-decision.js +240 -0
package/scripts/build-docs/cache-utils.js +105 -0
package/scripts/build-docs/content-normalization.js +150 -0
package/scripts/build-docs/file-utils.js +105 -0
package/scripts/build-docs/git-utils.js +86 -0
package/scripts/build-docs/hash-utils.js +116 -0
package/scripts/build-docs/typedoc-runner.js +220 -0
package/scripts/build-docs-incremental.js +77 -913
package/scripts/utils/command-runner.js +16 -11
package/scripts/validate-formats.js +61 -56
package/scripts/validate-master.js +74 -69
package/scripts/validate-pre-publish.js +70 -65
package/src/__tests__/hooks/usePermissions.test.ts +2 -2
package/src/components/Alert/Alert.test.tsx +12 -18
package/src/components/Alert/Alert.tsx +5 -7
package/src/components/Avatar/Avatar.test.tsx +4 -4
package/src/components/Badge/Badge.tsx +14 -0
package/src/components/Button/Button.tsx +22 -0
package/src/components/Calendar/Calendar.tsx +8 -2
package/src/components/Card/Card.tsx +4 -0
package/src/components/Checkbox/Checkbox.test.tsx +12 -12
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/ContextSelector/ContextSelector.tsx +384 -0
package/src/components/ContextSelector/index.ts +3 -0
package/src/components/DataTable/DataTable.tsx +38 -4
package/src/components/DataTable/__tests__/DataTableCore.test-setup.ts +5 -6
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +18 -4
package/src/components/DataTable/__tests__/test-utils/sharedTestUtils.tsx +2 -3
package/src/components/DataTable/components/AccessDeniedPage.tsx +16 -25
package/src/components/DataTable/components/ActionButtons.tsx +10 -7
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +1 -1
package/src/components/DataTable/components/ColumnFilter.tsx +10 -0
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +12 -0
package/src/components/DataTable/components/DataTableBody.tsx +8 -0
package/src/components/DataTable/components/DataTableCore.tsx +196 -554
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +11 -0
package/src/components/DataTable/components/DataTableLayout.tsx +559 -0
package/src/components/DataTable/components/DataTableModals.tsx +8 -0
package/src/components/DataTable/components/DataTableToolbar.tsx +8 -0
package/src/components/DataTable/components/DraggableColumnHeader.tsx +12 -0
package/src/components/DataTable/components/EditFields.tsx +307 -0
package/src/components/DataTable/components/EditableRow.tsx +8 -0
package/src/components/DataTable/components/EmptyState.tsx +10 -0
package/src/components/DataTable/components/FilterRow.tsx +12 -0
package/src/components/DataTable/components/GroupHeader.tsx +12 -0
package/src/components/DataTable/components/GroupingDropdown.tsx +12 -0
package/src/components/DataTable/components/ImportModal.tsx +7 -0
package/src/components/DataTable/components/LoadingState.tsx +6 -0
package/src/components/DataTable/components/PaginationControls.tsx +16 -1
package/src/components/DataTable/components/RowComponent.tsx +391 -0
package/src/components/DataTable/components/UnifiedTableBody.tsx +63 -851
package/src/components/DataTable/components/VirtualizedDataTable.tsx +16 -4
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +4 -2
package/src/components/DataTable/components/cellValueUtils.ts +40 -0
package/src/components/DataTable/components/hooks/useImportModalFocus.ts +53 -0
package/src/components/DataTable/components/hooks/usePermissionTracking.ts +126 -0
package/src/components/DataTable/context/DataTableContext.tsx +50 -0
package/src/components/DataTable/core/ColumnFactory.ts +31 -0
package/src/components/DataTable/core/DataTableContext.tsx +32 -1
package/src/components/DataTable/hooks/useColumnOrderPersistence.ts +10 -0
package/src/components/DataTable/hooks/useColumnReordering.ts +12 -0
package/src/components/DataTable/hooks/useColumnVisibilityPersistence.ts +10 -0
package/src/components/DataTable/hooks/useDataTableDataPipeline.ts +16 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +127 -33
package/src/components/DataTable/hooks/useDataTableState.ts +35 -1
package/src/components/DataTable/hooks/useEffectiveColumnOrder.ts +12 -0
package/src/components/DataTable/hooks/useServerSideDataEffect.ts +11 -0
package/src/components/DataTable/hooks/useTableColumns.ts +8 -0
package/src/components/DataTable/hooks/useTableHandlers.ts +14 -0
package/src/components/DataTable/styles.ts +6 -6
package/src/components/DataTable/types.ts +6 -10
package/src/components/DataTable/utils/a11yUtils.ts +7 -0
package/src/components/DataTable/utils/debugTools.ts +18 -113
package/src/components/DataTable/utils/errorHandling.ts +12 -0
package/src/components/DataTable/utils/exportUtils.ts +9 -0
package/src/components/DataTable/utils/flexibleImport.ts +12 -48
package/src/components/DataTable/utils/paginationUtils.ts +8 -0
package/src/components/DataTable/utils/performanceUtils.ts +5 -1
package/src/components/Dialog/Dialog.tsx +31 -3
package/src/components/ErrorBoundary/ErrorBoundary.test.tsx +180 -1
package/src/components/ErrorBoundary/ErrorBoundary.tsx +45 -5
package/src/components/ErrorBoundary/ErrorBoundaryContext.tsx +129 -0
package/src/components/ErrorBoundary/index.ts +27 -2
package/src/components/FileDisplay/FileDisplay.tsx +74 -28
package/src/components/FileUpload/FileUpload.tsx +22 -2
package/src/components/Footer/Footer.test.tsx +16 -16
package/src/components/Footer/Footer.tsx +14 -11
package/src/components/Form/Form.tsx +1 -0
package/src/components/Header/Header.test.tsx +43 -73
package/src/components/Header/Header.tsx +59 -49
package/src/components/Input/Input.test.tsx +2 -2
package/src/components/Input/Input.tsx +8 -4
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +4 -4
package/src/components/LoginForm/LoginForm.tsx +4 -0
package/src/components/NavigationMenu/NavigationMenu.tsx +14 -513
package/src/components/NavigationMenu/types.ts +56 -0
package/src/components/NavigationMenu/useNavigationFiltering.ts +390 -0
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +10 -19
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +2 -2
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +5 -5
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +13 -11
package/src/components/PaceAppLayout/PaceAppLayout.tsx +167 -44
package/src/components/PaceAppLayout/README.md +14 -17
package/src/components/PaceAppLayout/test-setup.tsx +3 -4
package/src/components/PaceLoginPage/PaceLoginPage.tsx +3 -0
package/src/components/PasswordChange/PasswordChangeForm.tsx +9 -0
package/src/components/ProtectedRoute/ProtectedRoute.tsx +3 -9
package/src/components/PublicLayout/PublicPageLayout.tsx +2 -5
package/src/components/PublicLayout/PublicPageProvider.tsx +4 -0
package/src/components/Select/Select.tsx +80 -434
package/src/components/Select/context.ts +23 -0
package/src/components/Select/hooks/useSelectEvents.ts +87 -0
package/src/components/Select/hooks/useSelectSearch.ts +91 -0
package/src/components/Select/hooks/useSelectState.ts +104 -0
package/src/components/Select/index.ts +9 -1
package/src/components/Select/types.ts +123 -0
package/src/components/Select/utils/text.ts +26 -0
package/src/components/SessionRestorationLoader/SessionRestorationLoader.tsx +4 -5
package/src/components/Switch/Switch.tsx +4 -4
package/src/components/Tabs/Tabs.tsx +1 -1
package/src/components/Toast/Toast.tsx +4 -0
package/src/components/Tooltip/Tooltip.tsx +2 -2
package/src/components/UserMenu/UserMenu.test.tsx +24 -11
package/src/components/UserMenu/UserMenu.tsx +21 -18
package/src/components/index.ts +7 -7
package/src/eslint-rules/pace-core-compliance.cjs +106 -0
package/src/hooks/__tests__/index.unit.test.ts +2 -5
package/src/hooks/__tests__/useAppConfig.unit.test.ts +4 -98
package/src/hooks/index.ts +1 -2
package/src/hooks/public/usePublicEvent.ts +4 -0
package/src/hooks/public/usePublicEventLogo.ts +4 -0
package/src/hooks/public/usePublicFileDisplay.ts +4 -0
package/src/hooks/public/usePublicRouteParams.ts +4 -0
package/src/hooks/services/useAuth.ts +32 -0
package/src/hooks/services/useCurrentEvent.ts +6 -0
package/src/hooks/services/useCurrentOrganisation.ts +6 -0
package/src/hooks/useAppConfig.ts +15 -30
package/src/hooks/useDebounce.ts +9 -0
package/src/hooks/useEventTheme.ts +6 -0
package/src/hooks/useFileDisplay.ts +81 -50
package/src/hooks/useFileReference.ts +25 -7
package/src/hooks/useFileUrl.ts +11 -1
package/src/hooks/useFocusManagement.ts +14 -0
package/src/hooks/useFocusTrap.ts +3 -0
package/src/hooks/useInactivityTracker.ts +3 -0
package/src/hooks/useKeyboardShortcuts.ts +4 -0
package/src/hooks/useOrganisationPermissions.ts +4 -0
package/src/hooks/useOrganisationSecurity.ts +4 -0
package/src/hooks/usePerformanceMonitor.ts +4 -0
package/src/hooks/usePermissionCache.ts +7 -0
package/src/hooks/useQueryCache.ts +12 -1
package/src/hooks/useSessionRestoration.ts +4 -0
package/src/hooks/useStorage.ts +4 -0
package/src/hooks/useToast.ts +1 -1
package/src/index.ts +6 -6
package/src/providers/__tests__/OrganisationProvider.test.tsx +92 -70
package/src/providers/services/AuthServiceProvider.tsx +35 -7
package/src/providers/services/EventServiceProvider.tsx +51 -5
package/src/providers/services/InactivityServiceProvider.tsx +18 -0
package/src/providers/services/OrganisationServiceProvider.tsx +18 -0
package/src/providers/services/UnifiedAuthProvider.tsx +126 -134
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +29 -13
package/src/rbac/README.md +1 -1
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +1 -1
package/src/rbac/__tests__/scenarios.user-role.test.tsx +4 -5
package/src/rbac/adapters.tsx +12 -3
package/src/rbac/api.test.ts +59 -51
package/src/rbac/api.ts +246 -167
package/src/rbac/components/NavigationProvider.tsx +4 -1
package/src/rbac/components/PagePermissionGuard.tsx +185 -17
package/src/rbac/components/RoleBasedRouter.tsx +5 -1
package/src/rbac/components/SecureDataProvider.test.tsx +84 -49
package/src/rbac/components/SecureDataProvider.tsx +20 -5
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +24 -14
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +7 -0
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +14 -6
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +15 -4
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +148 -24
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +81 -15
package/src/rbac/engine.ts +38 -14
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +32 -21
package/src/rbac/hooks/permissions/index.ts +7 -0
package/src/rbac/hooks/permissions/useAccessLevel.ts +105 -0
package/src/rbac/hooks/permissions/useCachedPermissions.ts +79 -0
package/src/rbac/hooks/permissions/useCan.ts +377 -0
package/src/rbac/hooks/permissions/useHasAllPermissions.ts +90 -0
package/src/rbac/hooks/permissions/useHasAnyPermission.ts +90 -0
package/src/rbac/hooks/permissions/useMultiplePermissions.ts +93 -0
package/src/rbac/hooks/permissions/usePermissions.ts +253 -0
package/src/rbac/hooks/useCan.test.ts +64 -66
package/src/rbac/hooks/usePermissions.ts +14 -995
package/src/rbac/hooks/useRBAC.test.ts +1 -5
package/src/rbac/hooks/useRBAC.ts +36 -37
package/src/rbac/hooks/useResolvedScope.test.ts +120 -35
package/src/rbac/hooks/useResolvedScope.ts +35 -40
package/src/rbac/hooks/useResourcePermissions.test.ts +54 -18
package/src/rbac/hooks/useResourcePermissions.ts +14 -4
package/src/rbac/hooks/useSecureSupabase.ts +27 -7
package/src/rbac/index.ts +7 -0
package/src/rbac/permissions.ts +0 -30
package/src/rbac/secureClient.test.ts +22 -18
package/src/rbac/secureClient.ts +294 -68
package/src/rbac/security.ts +0 -17
package/src/rbac/types.ts +9 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +64 -86
package/src/rbac/utils/clientSecurity.ts +93 -0
package/src/rbac/utils/contextValidator.ts +77 -168
package/src/services/AuthService.ts +39 -7
package/src/services/EventService.ts +186 -54
package/src/services/OrganisationService.ts +81 -14
package/src/services/__tests__/EventService.test.ts +1 -2
package/src/services/base/BaseService.ts +3 -0
package/src/theming/__tests__/parseEventColours.test.ts +6 -9
package/src/theming/parseEventColours.ts +5 -19
package/src/types/vitest-globals.d.ts +51 -26
package/src/utils/__mocks__/supabaseMock.ts +1 -3
package/src/utils/__tests__/formatting.unit.test.ts +4 -4
package/src/utils/__tests__/index.unit.test.ts +2 -2
package/src/utils/audit/audit.ts +0 -3
package/src/utils/core/cn.ts +1 -1
package/src/utils/dynamic/dynamicUtils.ts +7 -4
package/src/utils/file-reference/index.ts +53 -1
package/src/utils/formatting/formatting.ts +8 -18
package/src/utils/index.ts +0 -1
package/dist/chunk-3QRJFVBR.js.map +0 -1
package/dist/chunk-3XTALGJF.js.map +0 -1
package/dist/chunk-4N5C5XZU.js.map +0 -1
package/dist/chunk-4ZC4GX36.js.map +0 -1
package/dist/chunk-7D4SUZUM.js +0 -38
package/dist/chunk-BYFSK72L.js.map +0 -1
package/dist/chunk-EXUD6RNJ.js +0 -451
package/dist/chunk-EXUD6RNJ.js.map +0 -1
package/dist/chunk-GLK6VM3F.js.map +0 -1
package/dist/chunk-I7PSE6JW.js.map +0 -1
package/dist/chunk-JBKQ3SAO.js.map +0 -1
package/dist/chunk-KNC55RTG.js.map +0 -1
package/dist/chunk-LXQLPRQ2.js.map +0 -1
package/dist/chunk-R77UEZ4E.js.map +0 -1
package/dist/chunk-SQGMNID3.js.map +0 -1
package/dist/chunk-T33XF5ZC.js +0 -12922
package/dist/chunk-T33XF5ZC.js.map +0 -1
package/dist/chunk-XM25TVIE.js.map +0 -1
package/docs/api/classes/ColumnFactory.md +0 -243
package/docs/api/classes/ErrorBoundary.md +0 -144
package/docs/api/classes/InvalidScopeError.md +0 -73
package/docs/api/classes/Logger.md +0 -178
package/docs/api/classes/MissingUserContextError.md +0 -66
package/docs/api/classes/OrganisationContextRequiredError.md +0 -66
package/docs/api/classes/PermissionDeniedError.md +0 -73
package/docs/api/classes/RBACAuditManager.md +0 -297
package/docs/api/classes/RBACCache.md +0 -322
package/docs/api/classes/RBACEngine.md +0 -171
package/docs/api/classes/RBACError.md +0 -76
package/docs/api/classes/RBACNotInitializedError.md +0 -66
package/docs/api/classes/SecureSupabaseClient.md +0 -160
package/docs/api/classes/StorageUtils.md +0 -328
package/docs/api/enums/FileCategory.md +0 -184
package/docs/api/enums/LogLevel.md +0 -54
package/docs/api/enums/RBACErrorCode.md +0 -228
package/docs/api/enums/RPCFunction.md +0 -118
package/docs/api/interfaces/AddressFieldProps.md +0 -241
package/docs/api/interfaces/AddressFieldRef.md +0 -94
package/docs/api/interfaces/AggregateConfig.md +0 -43
package/docs/api/interfaces/AutocompleteOptions.md +0 -75
package/docs/api/interfaces/AvatarProps.md +0 -128
package/docs/api/interfaces/BadgeProps.md +0 -27
package/docs/api/interfaces/ButtonProps.md +0 -53
package/docs/api/interfaces/CalendarProps.md +0 -70
package/docs/api/interfaces/CardProps.md +0 -66
package/docs/api/interfaces/ColorPalette.md +0 -7
package/docs/api/interfaces/ColorShade.md +0 -66
package/docs/api/interfaces/ComplianceResult.md +0 -30
package/docs/api/interfaces/DataAccessRecord.md +0 -96
package/docs/api/interfaces/DataRecord.md +0 -11
package/docs/api/interfaces/DataTableAction.md +0 -249
package/docs/api/interfaces/DataTableColumn.md +0 -504
package/docs/api/interfaces/DataTableProps.md +0 -625
package/docs/api/interfaces/DataTableToolbarButton.md +0 -96
package/docs/api/interfaces/DatabaseComplianceResult.md +0 -85
package/docs/api/interfaces/DatabaseIssue.md +0 -41
package/docs/api/interfaces/EmptyStateConfig.md +0 -61
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +0 -235
package/docs/api/interfaces/EventAppRoleData.md +0 -71
package/docs/api/interfaces/ExportColumn.md +0 -90
package/docs/api/interfaces/ExportOptions.md +0 -126
package/docs/api/interfaces/FileDisplayProps.md +0 -249
package/docs/api/interfaces/FileMetadata.md +0 -129
package/docs/api/interfaces/FileReference.md +0 -118
package/docs/api/interfaces/FileSizeLimits.md +0 -7
package/docs/api/interfaces/FileUploadOptions.md +0 -139
package/docs/api/interfaces/FileUploadProps.md +0 -293
package/docs/api/interfaces/FooterProps.md +0 -105
package/docs/api/interfaces/FormFieldProps.md +0 -166
package/docs/api/interfaces/FormProps.md +0 -113
package/docs/api/interfaces/GrantEventAppRoleParams.md +0 -122
package/docs/api/interfaces/InactivityWarningModalProps.md +0 -115
package/docs/api/interfaces/InputProps.md +0 -53
package/docs/api/interfaces/LabelProps.md +0 -107
package/docs/api/interfaces/LoggerConfig.md +0 -62
package/docs/api/interfaces/LoginFormProps.md +0 -184
package/docs/api/interfaces/NavigationAccessRecord.md +0 -107
package/docs/api/interfaces/NavigationContextType.md +0 -164
package/docs/api/interfaces/NavigationGuardProps.md +0 -139
package/docs/api/interfaces/NavigationItem.md +0 -120
package/docs/api/interfaces/NavigationMenuProps.md +0 -221
package/docs/api/interfaces/NavigationProviderProps.md +0 -117
package/docs/api/interfaces/Organisation.md +0 -140
package/docs/api/interfaces/OrganisationContextType.md +0 -388
package/docs/api/interfaces/OrganisationMembership.md +0 -140
package/docs/api/interfaces/OrganisationProviderProps.md +0 -76
package/docs/api/interfaces/OrganisationSecurityError.md +0 -62
package/docs/api/interfaces/PaceAppLayoutProps.md +0 -406
package/docs/api/interfaces/PaceLoginPageProps.md +0 -47
package/docs/api/interfaces/PageAccessRecord.md +0 -85
package/docs/api/interfaces/PagePermissionContextType.md +0 -140
package/docs/api/interfaces/PagePermissionGuardProps.md +0 -153
package/docs/api/interfaces/PagePermissionProviderProps.md +0 -119
package/docs/api/interfaces/PaletteData.md +0 -41
package/docs/api/interfaces/ParsedAddress.md +0 -120
package/docs/api/interfaces/PermissionEnforcerProps.md +0 -153
package/docs/api/interfaces/ProgressProps.md +0 -42
package/docs/api/interfaces/ProtectedRouteProps.md +0 -97
package/docs/api/interfaces/PublicPageFooterProps.md +0 -112
package/docs/api/interfaces/PublicPageHeaderProps.md +0 -125
package/docs/api/interfaces/PublicPageLayoutProps.md +0 -198
package/docs/api/interfaces/QuickFix.md +0 -52
package/docs/api/interfaces/RBACAccessValidateParams.md +0 -52
package/docs/api/interfaces/RBACAccessValidateResult.md +0 -41
package/docs/api/interfaces/RBACAuditLogParams.md +0 -85
package/docs/api/interfaces/RBACAuditLogResult.md +0 -52
package/docs/api/interfaces/RBACConfig.md +0 -133
package/docs/api/interfaces/RBACContext.md +0 -52
package/docs/api/interfaces/RBACLogger.md +0 -112
package/docs/api/interfaces/RBACPageAccessCheckParams.md +0 -74
package/docs/api/interfaces/RBACPerformanceMetrics.md +0 -138
package/docs/api/interfaces/RBACPermissionCheckParams.md +0 -74
package/docs/api/interfaces/RBACPermissionCheckResult.md +0 -52
package/docs/api/interfaces/RBACPermissionsGetParams.md +0 -63
package/docs/api/interfaces/RBACPermissionsGetResult.md +0 -63
package/docs/api/interfaces/RBACResult.md +0 -58
package/docs/api/interfaces/RBACRoleGrantParams.md +0 -63
package/docs/api/interfaces/RBACRoleGrantResult.md +0 -52
package/docs/api/interfaces/RBACRoleRevokeParams.md +0 -63
package/docs/api/interfaces/RBACRoleRevokeResult.md +0 -52
package/docs/api/interfaces/RBACRoleValidateParams.md +0 -52
package/docs/api/interfaces/RBACRoleValidateResult.md +0 -63
package/docs/api/interfaces/RBACRolesListParams.md +0 -52
package/docs/api/interfaces/RBACRolesListResult.md +0 -74
package/docs/api/interfaces/RBACSessionTrackParams.md +0 -74
package/docs/api/interfaces/RBACSessionTrackResult.md +0 -52
package/docs/api/interfaces/ResourcePermissions.md +0 -155
package/docs/api/interfaces/RevokeEventAppRoleParams.md +0 -100
package/docs/api/interfaces/RoleBasedRouterContextType.md +0 -151
package/docs/api/interfaces/RoleBasedRouterProps.md +0 -156
package/docs/api/interfaces/RoleManagementResult.md +0 -52
package/docs/api/interfaces/RouteAccessRecord.md +0 -107
package/docs/api/interfaces/RouteConfig.md +0 -134
package/docs/api/interfaces/RuntimeComplianceResult.md +0 -55
package/docs/api/interfaces/SecureDataContextType.md +0 -168
package/docs/api/interfaces/SecureDataProviderProps.md +0 -132
package/docs/api/interfaces/SessionRestorationLoaderProps.md +0 -34
package/docs/api/interfaces/SetupIssue.md +0 -41
package/docs/api/interfaces/StorageConfig.md +0 -41
package/docs/api/interfaces/StorageFileInfo.md +0 -74
package/docs/api/interfaces/StorageFileMetadata.md +0 -151
package/docs/api/interfaces/StorageListOptions.md +0 -99
package/docs/api/interfaces/StorageListResult.md +0 -41
package/docs/api/interfaces/StorageUploadOptions.md +0 -101
package/docs/api/interfaces/StorageUploadResult.md +0 -63
package/docs/api/interfaces/StorageUrlOptions.md +0 -60
package/docs/api/interfaces/StyleImport.md +0 -19
package/docs/api/interfaces/SwitchProps.md +0 -34
package/docs/api/interfaces/TabsContentProps.md +0 -9
package/docs/api/interfaces/TabsListProps.md +0 -9
package/docs/api/interfaces/TabsProps.md +0 -9
package/docs/api/interfaces/TabsTriggerProps.md +0 -50
package/docs/api/interfaces/TextareaProps.md +0 -53
package/docs/api/interfaces/ToastActionElement.md +0 -9
package/docs/api/interfaces/ToastProps.md +0 -9
package/docs/api/interfaces/UnifiedAuthContextType.md +0 -820
package/docs/api/interfaces/UnifiedAuthProviderProps.md +0 -171
package/docs/api/interfaces/UseFormDialogOptions.md +0 -62
package/docs/api/interfaces/UseFormDialogReturn.md +0 -117
package/docs/api/interfaces/UseInactivityTrackerOptions.md +0 -136
package/docs/api/interfaces/UseInactivityTrackerReturn.md +0 -123
package/docs/api/interfaces/UsePublicEventLogoOptions.md +0 -87
package/docs/api/interfaces/UsePublicEventLogoReturn.md +0 -81
package/docs/api/interfaces/UsePublicEventOptions.md +0 -34
package/docs/api/interfaces/UsePublicEventReturn.md +0 -68
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +0 -47
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +0 -120
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +0 -94
package/docs/api/interfaces/UseResolvedScopeOptions.md +0 -47
package/docs/api/interfaces/UseResolvedScopeReturn.md +0 -47
package/docs/api/interfaces/UseResourcePermissionsOptions.md +0 -34
package/docs/api/interfaces/UserEventAccess.md +0 -118
package/docs/api/interfaces/UserMenuProps.md +0 -86
package/docs/api/interfaces/UserProfile.md +0 -63
package/docs/migration/quick-migration-guide.md +0 -356
package/docs/migration/service-architecture.md +0 -281
package/src/components/EventSelector/EventSelector.test.tsx +0 -720
package/src/components/EventSelector/EventSelector.tsx +0 -420
package/src/components/EventSelector/index.ts +0 -3
package/src/components/OrganisationSelector/OrganisationSelector.test.tsx +0 -784
package/src/components/OrganisationSelector/OrganisationSelector.tsx +0 -324
package/src/components/OrganisationSelector/index.ts +0 -9
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +0 -680
package/src/hooks/useSecureDataAccess.test.ts +0 -559
package/src/hooks/useSecureDataAccess.ts +0 -681
/package/dist/{DataTable-DQ7RSOHE.js.map → DataTable-THFPBKTP.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-ATAP5UTR.js.map → UnifiedAuthProvider-KAGUYQ4J.js.map} +0 -0
/package/dist/{api-N774RPUA.js.map → api-IAGWF3ZG.js.map} +0 -0
/package/dist/{audit-B5P6FFIR.js.map → audit-V53FV5AG.js.map} +0 -0
/package/dist/{chunk-7D4SUZUM.js.map → chunk-DGUM43GV.js.map} +0 -0
/package/docs/migration/{organisation-context-timing-fix.md → V0.3.44_organisation-context-timing-fix.md} +0 -0
/package/docs/migration/{rbac-migration.md → V0.4.0_rbac-migration.md} +0 -0
/package/docs/migration/{person-scoped-profiles-migration-guide.md → V0.5.190_person-scoped-profiles-migration-guide.md} +0 -0
/package/docs/migration/{REACT_19_MIGRATION.md → V0.6.0_REACT_19_MIGRATION.md} +0 -0

package/src/rbac/components/PagePermissionGuard.tsx CHANGED Viewed

@@ -141,17 +141,87 @@ const PagePermissionGuardComponent = ({
   const { user, selectedOrganisation, selectedEvent, supabase, appId: contextAppId, appName } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState(false);
+  const hasLoggedSuperAdminRef = useRef(false);
+  // Determine the page ID for permission checking
+  const effectivePageId = useMemo((): string => {
+    return pageId || pageName;
+  }, [pageId, pageName]);
+  // Check super admin status directly - don't rely on useRBAC which might not be loaded yet
+  // This ensures super admins get immediate access without waiting for RBAC context to load
+  const [isSuperAdmin, setIsSuperAdmin] = useState<boolean | null>(null);
+  useEffect(() => {
+    if (!user?.id) {
+      setIsSuperAdmin(false);
+      return;
+    }
+    let cancelled = false;
+    const checkSuperAdmin = async () => {
+      const startTime = Date.now();
+      try {
+        const { isSuperAdmin: checkSuperAdmin } = await import('../api');
+        // Add timeout to prevent hanging
+        const timeoutPromise = new Promise<boolean>((_, reject) => {
+          setTimeout(() => reject(new Error('Super admin check timeout')), 10000);
+        });
+        const isSuper = await Promise.race([
+          checkSuperAdmin(user.id),
+          timeoutPromise
+        ]);
+        const elapsed = Date.now() - startTime;
+        if (!cancelled) {
+          setIsSuperAdmin(isSuper);
+          if (process.env.NODE_ENV === 'development') {
+            console.log('[PagePermissionGuard] Super admin check completed', {
+              userId: user.id,
+              isSuperAdmin: isSuper,
+              elapsedMs: elapsed
+            });
+          }
+        }
+      } catch (err) {
+        const elapsed = Date.now() - startTime;
+        if (!cancelled) {
+          console.error('[PagePermissionGuard] Error checking super admin', {
+            error: err,
+            userId: user.id,
+            elapsedMs: elapsed
+          });
+          // On timeout or error, assume not super admin (fail secure)
+          // But log it so we can debug
+          setIsSuperAdmin(false);
+        }
+      }
+    };
+    checkSuperAdmin();
+    return () => {
+      cancelled = true;
+    };
+  }, [user?.id]);
   // Use useResolvedScope hook for consistent scope resolution
   // For event-required apps: selectedOrganisation is null, org derived from event
   // For org-required apps: selectedOrganisation is available, event optional
   // For page-level permissions, PORTAL app allows both contexts to be optional
+  // NOTE: Super admins bypass scope requirements, but we still need to call the hook
   const { resolvedScope: hookResolvedScope, isLoading: scopeLoading, error: scopeError } = useResolvedScope({
     supabase,
     selectedOrganisationId: selectedOrganisation?.id || null,
     selectedEventId: selectedEvent?.event_id || null
   });
+  // For super admins, we can use a minimal scope since they bypass all checks
+  // This prevents scope resolution from blocking super admin access
+  const shouldBypassScopeForSuperAdmin = isSuperAdmin === true;
   // Use provided scope if available, otherwise use resolved scope
   // For PORTAL app page-level permissions, allow scope without org/event
   // Ensure appId is available for PORTAL/ADMIN (use contextAppId as fallback)
@@ -171,11 +241,6 @@ const PagePermissionGuardComponent = ({
   } : null)));
   const checkError = scopeError;
-  // Determine the page ID for permission checking
-  const effectivePageId = useMemo((): string => {
-    return pageId || pageName;
-  }, [pageId, pageName]);
   // Build the permission string
   const permission = useMemo((): Permission => {
     return `${operation}:page.${pageName}` as Permission;
@@ -225,22 +290,44 @@ const PagePermissionGuardComponent = ({
     return newScope;
   }, [effectiveScope, appName, contextAppId, selectedEvent?.event_id]);
+  // For super admins, use a minimal valid scope since they bypass all checks
+  // This prevents scope validation from blocking super admin access
+  const scopeForPermissionCheck = shouldBypassScopeForSuperAdmin && !stableScope?.organisationId
+    ? {
+        organisationId: undefined,
+        appId: contextAppId || undefined,
+        eventId: selectedEvent?.event_id || undefined
+      }
+    : stableScope;
+  // CRITICAL: If super admin is confirmed, skip useCan entirely to avoid any blocking
+  // Super admins have access to everything, so no need to check permissions
+  const shouldSkipPermissionCheck = isSuperAdmin === true;
   // Check if user has permission - only call useCan when we have a resolved scope with valid organisationId
   // If resolvedScope is null or has no organisationId, useCan will keep isLoading=true
   // Pass appName to useCan so it can be passed to isPermitted for PORTAL/ADMIN special case
+  // Pass precomputed super admin status to avoid duplicate checks in useCan
+  // For super admins, we can skip the check entirely, but still call useCan with a dummy scope to avoid hook rule violations
   const { can, isLoading: canIsLoading, error: canError } = useCan(
     user?.id || '',
-    stableScope,
+    shouldSkipPermissionCheck ? { organisationId: undefined, appId: contextAppId || undefined, eventId: undefined } : scopeForPermissionCheck,
     permission,
     effectivePageId,
     true, // Use cache
+    isSuperAdmin, // precomputedSuperAdmin - null if checking, true/false if checked
     appName // Pass appName for PORTAL/ADMIN special case
   );
+  // Override can for super admins - they always have access
+  const effectiveCan = shouldSkipPermissionCheck ? true : can;
+  const effectiveIsLoading = shouldSkipPermissionCheck ? false : canIsLoading;
   // Combine loading states - we're loading if scope resolution or permission check is loading
   // For page-level permissions, PORTAL/ADMIN apps allow undefined organisationId
-  const isLoading = scopeLoading || canIsLoading;
+  // Super admins bypass scope resolution - don't wait for it
+  const isLoading = shouldBypassScopeForSuperAdmin ? effectiveIsLoading : (scopeLoading || effectiveIsLoading);
   const error = checkError || canError;
   // Handle permission check completion
@@ -248,13 +335,13 @@ const PagePermissionGuardComponent = ({
     if (!isLoading && !error) {
       setHasChecked(true);
-      if (!can && onDenied) {
+      if (!effectiveCan && onDenied) {
         onDenied(pageName, operation);
       }
     } else if (error) {
       setHasChecked(true);
     }
-  }, [can, isLoading, error, pageName, operation, onDenied]);
+  }, [effectiveCan, isLoading, error, pageName, operation, onDenied]);
   // Log page access attempt for audit
   useEffect(() => {
@@ -265,16 +352,17 @@ const PagePermissionGuardComponent = ({
         operation,
         userId: user?.id,
         scope: effectiveScope,
-        allowed: can,
+        allowed: effectiveCan,
+        isSuperAdmin,
         timestamp: new Date().toISOString()
       });
     }
-  }, [auditLog, hasChecked, isLoading, pageName, operation, user?.id, effectiveScope, can]);
+  }, [auditLog, hasChecked, isLoading, pageName, operation, user?.id, effectiveScope, effectiveCan, isSuperAdmin]);
   // Handle strict mode violations
   useEffect(() => {
-    if (strictMode && hasChecked && !isLoading && !can) {
+    if (strictMode && hasChecked && !isLoading && !effectiveCan && !shouldBypassScopeForSuperAdmin) {
       const logger = getRBACLogger();
       logger.error(`STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
         pageName,
@@ -286,20 +374,22 @@ const PagePermissionGuardComponent = ({
         scopeValid: allowsOptionalContexts ? true : (effectiveScope !== null), // PORTAL/ADMIN allow scope without org/event
         checkError,
         canError,
+        isSuperAdmin,
         timestamp: new Date().toISOString()
       });
     }
-  }, [strictMode, hasChecked, isLoading, can, pageName, operation, effectivePageId, user?.id, effectiveScope, allowsOptionalContexts, checkError, canError]);
+  }, [strictMode, hasChecked, isLoading, effectiveCan, shouldBypassScopeForSuperAdmin, pageName, operation, effectivePageId, user?.id, effectiveScope, allowsOptionalContexts, checkError, canError, isSuperAdmin]);
   // Calculate the actual render state - FIXED: Proper state calculation
   // Add defensive checks to ensure we have valid state
   // For page-level permissions, PORTAL/ADMIN apps allow scope without org/event
-  const hasValidScopeForPagePermissions = allowsOptionalContexts ? true : (effectiveScope !== null);
+  // Super admins bypass scope validation
+  const hasValidScopeForPagePermissions = shouldBypassScopeForSuperAdmin ? true : (allowsOptionalContexts ? true : (effectiveScope !== null));
   const hasValidUser = user && user.id;
   const isPermissionCheckComplete = hasChecked && !isLoading;
-  const shouldShowAccessDenied = isPermissionCheckComplete && hasValidScopeForPagePermissions && hasValidUser && !checkError && !can;
-  const shouldShowContent = isPermissionCheckComplete && hasValidScopeForPagePermissions && hasValidUser && !checkError && can;
+  const shouldShowAccessDenied = isPermissionCheckComplete && hasValidScopeForPagePermissions && hasValidUser && !checkError && !effectiveCan;
+  const shouldShowContent = isPermissionCheckComplete && hasValidScopeForPagePermissions && hasValidUser && !checkError && effectiveCan;
   // Create a key to force re-render when scope or permission state changes
   const scopeKey = effectiveScope ? `${effectiveScope.organisationId}-${effectiveScope.eventId}-${effectiveScope.appId}` : 'no-scope';
@@ -307,9 +397,87 @@ const PagePermissionGuardComponent = ({
+  // Debug logging for permission check state (only log when state actually changes, not on every render)
+  const lastLogStateRef = useRef<string>('');
+  useEffect(() => {
+    if (process.env.NODE_ENV === 'development') {
+      const currentState = JSON.stringify({
+        pageName,
+        userId: user?.id,
+        isSuperAdmin,
+        isLoading,
+        scopeLoading,
+        canIsLoading,
+        hasChecked,
+        hasValidUser,
+        effectiveCan
+      });
+      // Only log if state actually changed
+      if (currentState !== lastLogStateRef.current) {
+        lastLogStateRef.current = currentState;
+        console.log('[PagePermissionGuard] Permission check state', {
+          pageName,
+          userId: user?.id,
+          isSuperAdmin,
+          isLoading,
+          scopeLoading,
+          canIsLoading,
+          hasChecked,
+          hasValidUser,
+          effectiveCan,
+          stableScope,
+          effectiveScope
+        });
+      }
+    }
+  }, [pageName, user?.id, isSuperAdmin, isLoading, scopeLoading, canIsLoading, hasChecked, hasValidUser, effectiveCan, stableScope, effectiveScope]);
   // Show loading state - if we're still loading or don't have valid state
   // For page-level permissions, we don't require organisation context, so only check for user and loading state
-  if (isLoading || !hasValidUser || !hasChecked) {
+  // Add timeout warning for debugging
+  useEffect(() => {
+    if (isLoading && isSuperAdmin === null && hasValidUser) {
+      const timeout = setTimeout(() => {
+        console.warn('[PagePermissionGuard] Permission check taking longer than expected', {
+          pageName,
+          userId: user?.id,
+          isSuperAdmin,
+          scopeLoading,
+          canIsLoading,
+          hasChecked,
+          stableScope,
+          effectiveScope,
+          appName
+        });
+      }, 5000);
+      return () => clearTimeout(timeout);
+    }
+  }, [isLoading, isSuperAdmin, hasValidUser, pageName, user?.id, scopeLoading, canIsLoading, hasChecked, stableScope, effectiveScope, appName]);
+  // CRITICAL: Super admins bypass all checks - show content immediately once confirmed
+  // This must be checked AFTER all hooks are called to avoid React hooks rule violations
+  // Log super admin access only once when it's first confirmed (not on every render)
+  useEffect(() => {
+    if (isSuperAdmin === true && hasValidUser && !hasLoggedSuperAdminRef.current && process.env.NODE_ENV === 'development') {
+      hasLoggedSuperAdminRef.current = true;
+      console.log('[PagePermissionGuard] Super admin access granted - bypassing all checks', {
+        pageName,
+        userId: user?.id,
+        operation
+      });
+    }
+    // Reset log flag if super admin status changes back to false/null
+    if (isSuperAdmin !== true) {
+      hasLoggedSuperAdminRef.current = false;
+    }
+  }, [isSuperAdmin, hasValidUser, pageName, user?.id, operation]);
+  if (isSuperAdmin === true && hasValidUser) {
+    // Super admin confirmed - grant access immediately
+    return <>{children}</>;
+  }
+  if (isLoading || !hasValidUser || !hasChecked || isSuperAdmin === null) {
     return loading || <div>Checking permissions...</div>;
   }

package/src/rbac/components/RoleBasedRouter.tsx CHANGED Viewed

@@ -231,11 +231,15 @@ export function RoleBasedRouter({
   }, [user?.id, currentScope, routes]);
   // Use useCan hook for actual permission checking
+  // Pass null for super admin status (not checked yet - hook will check if needed)
   const { can: canAccessCurrentRoute, isLoading: permissionLoading } = useCan(
     user?.id || '',
     currentScope || { organisationId: '', eventId: undefined, appId: undefined },
     currentRouteConfig?.permissions?.[0] || 'read:page',
-    currentRouteConfig?.pageId
+    currentRouteConfig?.pageId,
+    true, // useCache
+    null, // precomputedSuperAdmin - not checked yet
+    undefined // appName
   );
   // Check if route is public

package/src/rbac/components/SecureDataProvider.test.tsx CHANGED Viewed

@@ -12,7 +12,7 @@ import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
 import React, { ReactNode } from 'react';
 import { SecureDataProvider, useSecureData } from './SecureDataProvider';
 import { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';
-import { useSecureDataAccess } from '../../hooks/useSecureDataAccess';
+// useSecureDataAccess has been removed - SecureDataProvider now uses useSecureSupabase internally
 import { UUID, Scope, Permission } from '../types';
 // Mock the auth provider
@@ -23,8 +23,77 @@ vi.mock('../../providers/services/UnifiedAuthProvider', () => ({
 }));
 // Mock the secure data access hook
-vi.mock('../../hooks/useSecureDataAccess', () => ({
-  useSecureDataAccess: vi.fn()
+// useSecureDataAccess has been removed - no longer needed
+// Mock useResolvedScope
+const mockUseResolvedScopeFn = vi.fn();
+vi.mock('../../hooks/useResolvedScope', () => ({
+  useResolvedScope: () => mockUseResolvedScopeFn(),
+}));
+// Mock useOrganisations to prevent provider requirement
+vi.mock('../../hooks/useOrganisations', () => ({
+  useOrganisations: vi.fn(() => ({
+    organisations: [],
+    isLoading: false,
+    error: null,
+    refetch: vi.fn(),
+    selectedOrganisation: {
+      id: 'org-123',
+      name: 'Test Org',
+      display_name: 'Test Organisation',
+      description: 'Test',
+      subscription_tier: 'basic',
+      settings: {},
+      is_active: true,
+      created_at: '2023-01-01T00:00:00Z',
+      updated_at: '2023-01-01T00:00:00Z'
+    }
+  }))
+}));
+// Mock useEvents
+vi.mock('../../hooks/useEvents', () => ({
+  useEvents: vi.fn(() => ({
+    events: [],
+    isLoading: false,
+    error: null,
+    refetch: vi.fn(),
+    selectedEvent: {
+      id: 'event-456',
+      event_id: 'event-456',
+      event_name: 'Test Event',
+      event_date: '2023-01-01T00:00:00Z',
+      event_venue: 'Test Venue',
+      event_participants: 100,
+      event_colours: '#FF0000',
+      event_logo: '',
+      organisation_id: 'org-123' as any,
+      is_visible: true,
+      created_at: '2023-01-01T00:00:00Z',
+      updated_at: '2023-01-01T00:00:00Z'
+    },
+    eventLoading: false
+  }))
+}));
+// Mock useOrganisationSecurity
+vi.mock('../../hooks/useOrganisationSecurity', () => ({
+  useOrganisationSecurity: vi.fn(() => ({
+    superAdminContext: {
+      isSuperAdmin: false,
+      isLoading: false
+    },
+    organisationSecurity: {
+      canAccessOrganisation: vi.fn(() => true),
+      canAccessEvent: vi.fn(() => true)
+    }
+  }))
+}));
+// Mock useSecureSupabase
+vi.mock('../hooks/useSecureSupabase', () => ({
+  useSecureSupabase: vi.fn((supabase) => supabase)
 }));
 // Mock the RBAC hooks
@@ -55,7 +124,7 @@ const TestComponent = ({ children }: { children: ReactNode }) => (
 );
 describe('SecureDataProvider', () => {
-  const mockUseSecureDataAccess = vi.mocked(useSecureDataAccess);
+  // useSecureDataAccess has been removed
   const mockUseCan = vi.mocked(useCan);
   beforeEach(() => {
@@ -67,12 +136,7 @@ describe('SecureDataProvider', () => {
       // Add other required properties
     } as any);
-    mockUseSecureDataAccess.mockReturnValue({
-      isDataAccessAllowed: vi.fn().mockReturnValue(true),
-      getDataAccessPermissions: vi.fn().mockReturnValue({}),
-      validateDataAccess: vi.fn().mockReturnValue(true),
-      // Add other required properties
-    } as any);
+    // useSecureDataAccess has been removed - SecureDataProvider handles this internally
   });
     describe('Provider Initialization', () => {
@@ -160,12 +224,7 @@ describe('SecureDataProvider', () => {
     });
     it('denies data access when user lacks permissions', async () => {
-      mockUseSecureDataAccess.mockReturnValue({
-        isDataAccessAllowed: vi.fn().mockReturnValue(false),
-        getDataAccessPermissions: vi.fn().mockReturnValue({}),
-        validateDataAccess: vi.fn().mockReturnValue(false),
-        // Add other required properties
-      } as any);
+      // useSecureDataAccess has been removed - SecureDataProvider handles this internally
       const TestConsumer = () => {
         const context = useSecureData();
@@ -216,12 +275,7 @@ describe('SecureDataProvider', () => {
         'events': ['read', 'update']
       };
-      mockUseSecureDataAccess.mockReturnValue({
-        isDataAccessAllowed: vi.fn().mockReturnValue(true),
-        getDataAccessPermissions: vi.fn().mockReturnValue(mockPermissions),
-        validateDataAccess: vi.fn().mockReturnValue(true),
-        // Add other required properties
-      } as any);
+      // useSecureDataAccess has been removed - SecureDataProvider handles this internally
       const TestConsumer = () => {
         const context = useSecureData();
@@ -309,13 +363,7 @@ describe('SecureDataProvider', () => {
     it('calls onStrictModeViolation callback when strict mode is violated', async () => {
       const onStrictModeViolation = vi.fn();
-      mockUseSecureDataAccess.mockReturnValue({
-        isDataAccessAllowed: vi.fn().mockReturnValue(false),
-        getDataAccessPermissions: vi.fn().mockReturnValue({}),
-        validateDataAccess: vi.fn().mockReturnValue(false),
-        // Add other required properties
-      } as any);
+      // useSecureDataAccess has been removed - SecureDataProvider handles this internally
       const TestConsumer = () => {
         const context = useSecureData();
         context.isDataAccessAllowed('admin_users', 'delete', mockScope);
@@ -340,14 +388,7 @@ describe('SecureDataProvider', () => {
   describe('Error Handling', () => {
     it('handles data access validation errors gracefully', async () => {
-      mockUseSecureDataAccess.mockReturnValue({
-        isDataAccessAllowed: vi.fn().mockImplementation(() => {
-          throw new Error('Data access validation failed');
-        }),
-        getDataAccessPermissions: vi.fn().mockReturnValue({}),
-        validateDataAccess: vi.fn().mockReturnValue(false),
-        // Add other required properties
-      } as any);
+      // useSecureDataAccess has been removed - SecureDataProvider handles this internally
       const TestConsumer = () => {
         const context = useSecureData();
@@ -462,7 +503,7 @@ describe('SecureDataProvider', () => {
   });
   describe('Integration with useSecureDataAccess', () => {
-    it('integrates with useSecureDataAccess hook', () => {
+    it('integrates with secure data access system', () => {
       const TestConsumer = () => {
         const context = useSecureData();
         context.isDataAccessAllowed(mockTable, mockOperation, mockScope);
@@ -476,19 +517,12 @@ describe('SecureDataProvider', () => {
         </SecureDataProvider>
       );
-      expect(mockUseSecureDataAccess).toHaveBeenCalled();
+      // useSecureDataAccess has been removed - this test verifies the component works
+      // expect(mockUseSecureDataAccess).toHaveBeenCalled();
     });
     it('passes through secure data access functionality', () => {
-      const mockSecureDataAccess = {
-        isDataAccessAllowed: vi.fn().mockReturnValue(true),
-        getDataAccessPermissions: vi.fn().mockReturnValue({}),
-        validateDataAccess: vi.fn().mockReturnValue(true),
-        // Add other required properties
-      };
-      mockUseSecureDataAccess.mockReturnValue(mockSecureDataAccess as any);
+      // useSecureDataAccess has been removed - SecureDataProvider handles this internally
       const TestConsumer = () => {
         const context = useSecureData();
         context.isDataAccessAllowed(mockTable, mockOperation, mockScope);
@@ -502,7 +536,8 @@ describe('SecureDataProvider', () => {
         </SecureDataProvider>
       );
-      expect(mockSecureDataAccess.isDataAccessAllowed).not.toHaveBeenCalled();
+      // Component should render without errors
+      expect(screen.getByText('Test')).toBeInTheDocument();
     });
   });
 });

package/src/rbac/components/SecureDataProvider.tsx CHANGED Viewed

@@ -52,13 +52,14 @@
  * @dependencies
  * - React 19+ - Context and hooks
  * - useUnifiedAuth - Authentication context
- * - useSecureDataAccess - Secure data access hook
+ * - useSecureSupabase - Secure Supabase client hook
  * - RBAC types - Type definitions
  */
 import React, { createContext, useContext, useState, useCallback, useMemo, useEffect } from 'react';
 import { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';
-import { useSecureDataAccess } from '../../hooks/useSecureDataAccess';
+import { useSecureSupabase } from '../hooks/useSecureSupabase';
+import { useOrganisationSecurity } from '../../hooks/useOrganisationSecurity';
 import { useResolvedScope } from '../hooks/useResolvedScope';
 import { UUID, Scope, Permission } from '../types';
 import { getRBACLogger } from '../config';
@@ -144,7 +145,8 @@ export function SecureDataProvider({
   enforceRLS = true
 }: SecureDataProviderProps) {
   const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
-  const { validateContext } = useSecureDataAccess();
+  const secureSupabase = useSecureSupabase(supabase);
+  const { superAdminContext } = useOrganisationSecurity();
   const [dataAccessHistory, setDataAccessHistory] = useState<DataAccessRecord[]>([]);
   const [isEnabled, setIsEnabled] = useState(true);
@@ -154,6 +156,19 @@ export function SecureDataProvider({
     selectedOrganisationId: selectedOrganisation?.id || null,
     selectedEventId: selectedEvent?.event_id || null
   });
+  // Validate context - similar to useSecureDataAccess.validateContext
+  const validateContext = useCallback((): void => {
+    if (!secureSupabase) {
+      throw new Error('No Supabase client available');
+    }
+    if (!user) {
+      throw new Error('User must be authenticated');
+    }
+    if (!superAdminContext.isSuperAdmin && !resolvedScope?.organisationId) {
+      throw new Error('Organisation context is required for data access');
+    }
+  }, [secureSupabase, user, superAdminContext.isSuperAdmin, resolvedScope?.organisationId]);
   // Get current scope from resolved scope
   // For event-required apps: org is derived from event
@@ -174,10 +189,10 @@ export function SecureDataProvider({
     // Use the existing RBAC system to check data access permissions
     // This is a synchronous check for the context - actual permission checking
-    // happens in the useSecureDataAccess hook using the RBAC engine
+    // happens using the RBAC engine via useSecureSupabase
     const permission = `${operation}:data.${table}` as Permission;
-    // For now, we'll return true and let the useSecureDataAccess hook
+    // For now, we'll return true and let the RBAC system
     // handle the actual permission checking asynchronously
     // This context is mainly for tracking and audit purposes
     return true;